﻿//session include id(in global.asax  given by system)
//                uid
//                group

using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
using System.Text.RegularExpressions;
using System.Web.Security;
using System.Configuration;



public partial class Login : System.Web.UI.Page
{
    //define some variables
    string Uname;
    string Passwd;
    string V_code;
    char[] code;
    //define connect example
    SqlConnection sqlcon = null;
    //the command which database execute
    SqlCommand sqlcmd = null;
    SqlCommand sqlcmd2 = null;
    SqlCommand sqlcmd3 = null;
    //sql query
    string cmd = "";
    string cmd2 = "";
    //dbreader, use to cache which was selected
    SqlDataReader read = null;
    SqlDataReader read2 = null;
    SqlDataReader read3 = null;
    protected void Page_Load(object sender, EventArgs e)
    {
        MessageBox.Visible = false;
    }
    protected void LotteryLogin_Click(object sender, EventArgs e)
    {
        //record login info
        Uname = UserName.Text;
        Passwd = PassWord.Text;
        V_code = vcode.Text;
        V_code = V_code.ToUpper();
        //confirm login info
        if ((RegConfirm(Uname) == 1) && (RegConfirm(Passwd) == 1) && (RegConfirm(V_code) == 1))
        {
            if (Uname.Length > 8)
            {
                MessageBox.Visible = true;
                MessageBox.Text = "您输入的用户名过长，请正确输入。";
                Reset();
            }
            else if (Passwd.Length > 20)
            {
                MessageBox.Visible = true;
                MessageBox.Text = "您输入的密码过长，请正确输入。";
                Reset();
            }
            else if (V_code != Session["CheckCode"].ToString())
            {
                MessageBox.Visible = true;
                MessageBox.Text = "您输入的验证码错误，请正确输入。";
                Reset();
            }
            else
            {
                Passwd=FormsAuthentication.HashPasswordForStoringInConfigFile(Passwd, "MD5"); 
                try
                {
                    //connect to db
                    sqlcon = new SqlConnection(ConfigurationManager.ConnectionStrings["testLottery"].ConnectionString);
                    sqlcon.Open();
                    cmd = "select count(*) from member where uid='" + Uname + "'and password='" + Passwd + "'";
                    sqlcmd = new SqlCommand(cmd, sqlcon);
                    read = sqlcmd.ExecuteReader();
                    read.Read();
                    if (((int)read.GetValue(0) == 1))
                    {
                        read.Close();
                        //read the group of the user
                        cmd2 = "select id,[group],name,announcement,notice from member where uid='" + Uname + "'";
                        sqlcmd2 = new SqlCommand(cmd2, sqlcon);
                        read2 = sqlcmd2.ExecuteReader();
                        read2.Read();
                        try
                        {
                            Session["uid"] = read2.GetValue(0);
                            Session["group"] = read2.GetValue(1);
                            Session["uname"] = read2.GetValue(2);
                            Session["anno"] = read2.GetValue(3);
                            Session["notice"] = read2.GetValue(4);
                            Session["password"] = Passwd;
                        }
                        catch (SqlException sqle)
                        {
                            Session["uid"] = "";
                            Session["group"] = "";
                            Session["uname"] = "";
                            Session["password"] = "";
                            Session["anno"] = "";
                            Session["notice"] = "";
                        }
                        finally
                        {
                            read2.Close();
                        }
                        //choose which page to jump to
                        if ((int)Session["group"] == 1)
                        {
                            Response.Redirect("Sales/Sale.aspx");
                        }
                        else if ((int)Session["group"] == 2)
                        {
                            cmd = "select area from AreaManager where member='" + Session["uid"] + "'";
                            sqlcmd3 = new SqlCommand(cmd, sqlcon);
                            read3 = sqlcmd3.ExecuteReader();
                            read3.Read();
                            Session["areaid"] = Int16.Parse(read3.GetValue(0).ToString());
                            read3.Close();
                            Response.Redirect("AreaManager/AreaMan.aspx");
                        }
                        else if ((int)Session["group"] == 3)
                        {
                            Response.Redirect("GeneralManager/Manager.aspx");
                        }
                        else
                        {
                            MessageBox.Visible = true;
                            MessageBox.Text = "您这不开玩笑么？ = = ";
                        }

                    }
                    else
                    {
                        MessageBox.Visible = true;
                        MessageBox.Text = "您输入的用户名和密码有误，请正确输入。";
                        Reset();
                    }
                }
                //error handle
                catch (SqlException sqle)
                {
                    ;
                }
                finally
                {
                    sqlcon.Close();
                }
            }
        }
        else
        {
            MessageBox.Visible = true;
            MessageBox.Text = "您输入的用户名和密码有误，请正确输入。";
            Reset();
        }
       
    }

    //uname and password reg
    private int RegConfirm(string str)
    {
        String TextRegex = "^[A-Za-z0-9]+$";
        if ((Regex.IsMatch(str, TextRegex)))
        {
            return 1;
        }
        else
        {
            return 0;
        }
    }

    private void Reset()
    {
        Uname = "";
        Passwd = "";
        UserName.Text = "";
        PassWord.Text = "";
    }
}